notation

Version: v0.11.0-alpha.4
Published: Oct 11, 2022 License: Apache-2.0 Imports: 5 Imported by: 21

README

Notation

A collection of libraries that support Notation sign, verify, push, and pull of OCI artifacts, based on the Notary V2 standard.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This project is covered under the Apache 2.0 license. You can read the license here.

Documentation

Constants

const MediaTypePayloadV1 = "application/vnd.cncf.notary.payload.v1+json"

MediaTypePayloadV1 is the supported content type for the signature's payload.

Variables

var SigningAgent = "Notation/1.0.0"

SigningAgent is the unprotected header field used by signature.

Functions

This section is empty.

Types

type Descriptor

type Descriptor struct {
	// The media type of the targeted content.
	MediaType string `json:"mediaType"`

	// The digest of the targeted content.
	Digest digest.Digest `json:"digest"`

	// Specifies the size in bytes of the blob.
	Size int64 `json:"size"`

	// Contains optional user defined attributes.
	Annotations map[string]string `json:"annotations,omitempty"`
}

Descriptor describes the artifact that needs to be signed.

func (Descriptor) Equal

func (d Descriptor) Equal(t Descriptor) bool

Equal reports whether d and t point to the same content.

type Payload

type Payload struct {
	TargetArtifact Descriptor `json:"targetArtifact"`
}

Payload describes the content that gets signed.

type Service

type Service interface {
	Signer
	Verifier
}

Service combines the signing and verification services.

type SignOptions

type SignOptions struct {
	// Expiry identifies the expiration time of the resulted signature.
	Expiry time.Time

	// TSA is the TimeStamp Authority to timestamp the resulted signature if present.
	TSA timestamp.Timestamper

	// TSAVerifyOptions is the verify option to verify the fetched timestamp signature.
	// The `Intermediates` in the verify options will be ignored and re-constructed using
	// the certificates in the fetched timestamp signature.
	// An empty list of `KeyUsages` in the verify options implies ExtKeyUsageTimeStamping.
	TSAVerifyOptions x509.VerifyOptions

	// Sets or overrides the plugin configuration.
	PluginConfig map[string]string
}

SignOptions contains parameters for Signer.Sign.

type Signer

type Signer interface {
	// Sign signs the artifact described by its descriptor,
	// and returns the signature.
	Sign(ctx context.Context, desc Descriptor, opts SignOptions) ([]byte, error)
}

Signer is a generic interface for signing an artifact. The interface allows signing with local or remote keys, and packing in various signature formats.

type Verifier

type Verifier interface {
	// Verify verifies the signature and returns the verified descriptor and
	// metadata of the signed artifact.
	Verify(ctx context.Context, signature []byte, opts VerifyOptions) (Descriptor, error)
}

Verifier is a generic interface for verifying an artifact.

type VerifyOptions

type VerifyOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently both `application/jose+json` and `application/cose` are supported.
	SignatureMediaType string
}

VerifyOptions contains parameters for Verifier.Verify.

func (VerifyOptions) Validate

func (opts VerifyOptions) Validate() error

Validate does basic validation on VerifyOptions.

Directories

Path Synopsis
crypto
jwsutil
Package jwsutil provides serialization utilities for JWT libraries to comfort JWS.
timestamp
Package timestamp generates timestamping requests to TSA servers, and fetches the responses according to RFC 3161.
timestamp/timestamptest
Package timestamptest provides utilities for timestamp testing
internal
crypto/cms
Package cms verifies signatures in Cryptographic Message Syntax (CMS) / PKCS7 defined in RFC 5652.
crypto/hashutil
Package hashutil provides utilities for hash.
crypto/oid
Package oid collects object identifiers for crypto algorithms.
crypto/pki
Package pki contains certificate management protocol structures defined in RFC 2510.
encoding/asn1
Package asn1 decodes BER-encoded ASN.1 data structures and encodes in DER.
Package verification provides the utilities for handling verification related logic like Trust Stores and Trust Policies.
